If this is your first visit, be sure to
check out the Forum Rules by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

Ettercap theory

Now... I know I might get flamed with this but, I'm a newbie at pentesting and searching 'Ettercap' on here and on google (couldnt come up with a better dork) didn't answer my question. But... Its a simple one....

When I use ettercap (on my own network of course), it works like I can see FTP passwords and Telnet when I log into things but, when I try and visit things like Devshed forums website, facebook, hotmail and such, and try to login to those. It doesn't log any passwords or such? Is this because its SSL encrypted? or just cause I haven't done something right cause Im a newbie. (You have to start somewhere right?)

Also, whats the best linux based (im using ubuntu) application for analyzing ettercap files? mainly with the .eci and .ecp file extensions? Ive tried to look into etterlog and its too complex. I couldn't find anything else, with a quick search. Like im not a complete network newb, I have CCNA and CCNP so, i know some stuff. just not this.

...
When I use ettercap (on my own network of course), it works like I can see FTP passwords and Telnet when I log into things but, when I try and visit things like Devshed forums website, facebook, hotmail and such, and try to login to those. It doesn't log any passwords or such? Is this because its SSL encrypted? or just cause I haven't done something right cause Im a newbie. (You have to start somewhere right?)
...

You're probably doing everything right. Many sites such as the ones you mention use script to produce a password hash before the login credentials are sent to the site. In other words, the password is never sent in the clear.

Just remember that you will have to perform a MITM (Man In The Middle) attack to be able to retrieve passwords on sites using SSL. This will replace the SSL certificate issued by the site with your own, making it possible for you to retrieve the credentials in clear-text form. To do this is ettercap use the following command:

Code:

ettercap -Tq -M ARP /192.168.1.100/ /192.168.1.1/

Replace 192.168.1.100 with the IP of the target computer and 192.168.1.1 with the gateway IP.

I see.... I'll give the SSL one a try. The password hash? Shouldn't it still be sent in some POST or GET data though? Like, I don't see anything on ettercap except the connection, it shows up no post or get data. But, when I do FTP it shows up with my username and password in the Status box.